Restrict public access to Azure Postgres service

  • Question

  • Hi All, 

    We are currently setting up a Postgres DB in Azure, and what we see is that even after defining very strict security group rules, the FQDN (when accessed from a public network) responds with a Postgres service signature, i.e.:

    psql: FATAL:  no pg_hba.conf entry for host "xx.xxx.xx.xx.xx", user "userx", database "randomDB", SSL on

    We don't have any rule that would allow this traffic to hit the instance. So why do we see a response from the server? I am quite sure that if an RDS instance in AWS is created, by default you cannot create a connection to it from the outside world.

    Thanks, 

    J



    • Edited by jahantech Friday, December 21, 2018 2:09 PM
    Friday, December 21, 2018 2:05 PM

All replies

  • Hi Jahantech,

    You are seeing a response from the Azure Postgres gateway (service) and not from your actual instance. Please let me know if you have additional questions.

    There is a previous MSDN post regarding this; looking for it. A customer had the same concern. The response is from the gateway node that handles all Postgres traffic for that region. You should be able to do a traceroute (tracert) to your instance IP and see that the traffic doesn't make it to your deployed instance.

    Regards,

    Mike

    Friday, December 21, 2018 9:57 PM
    Moderator